architecture guide - agilepointsupport.agilepoint.com/.../maps/agilepoint_architecture.pdf ·...

Architecture Guide

AgilePoint BPMS v5.0 SP2

Document Revision r5.2.5

November 2011

Contents 2

AgilePoint BPMS v5.0 SP2 Architecture Guide r5.2.5

Contents

Preface....................................................................................................................4Disclaimer of Warranty................................................................................................4Copyright.....................................................................................................................4Trademarks.................................................................................................................4Government Rights Legend........................................................................................4Virus-free software policy............................................................................................4Document Revision Numbers..................................................................................... 5AgilePoint Documentation in PDF and HTML.............................................................5Contacting AgilePoint Sales........................................................................................5Contacting Customer Support.....................................................................................6

Introduction............................................................................................................7Relationships between Entities...................................................................................7AgilePoint Business Process Data Flow.....................................................................8

Build Time......................................................................................................... 9Run Time (AgilePoint Server)........................................................................... 9Run Time (Application)....................................................................................10

Software Architecture......................................................................................... 12Presentation Layer....................................................................................................12Logic Layer (AgilePoint Server)................................................................................ 13

Process Engine...............................................................................................13Session Manager............................................................................................ 13Request Queue Manager................................................................................14Process Template Class Loader.....................................................................14Process Template Management..................................................................... 14Archive Manager.............................................................................................14Process Swapper............................................................................................14Server Coordinator..........................................................................................15Escalation Monitor...........................................................................................15Notification Preprocessor................................................................................15Notification Deliver.......................................................................................... 15Exception Handling......................................................................................... 16AgilePart..........................................................................................................16

Data Layer................................................................................................................ 16Server (Business Components) Interactions............................................................ 17

Implementation Architecture..............................................................................18Autonomous BPMS...................................................................................................18Embedded BPMS..................................................................................................... 18Rich Client Implementation.......................................................................................19

Deployment Architecture....................................................................................20Deployment/Installation Architecture Model..............................................................20

Small Scale Model.......................................................................................... 21Medium Scale Model.......................................................................................22Large Scale Model.......................................................................................... 23

AgilePoint and Your Existing Environment............................................................... 24

Contents 3


Network Performance..................................................................................... 24Domain Name Service (DNS)......................................................................... 25Authentication, Active Directory and Kerberos................................................25Hardware and Software Configuration............................................................25

Strategy for Development, Testing and Staging....................................................... 25Nonfunctional Requirements for AgilePoint Application..................................25Development, Testing, Staging and Production Environment.........................26

Disaster Recovery.....................................................................................................28Single AgilePoint Server Instance...................................................................28Multiple AgilePoint Server Instances...............................................................29

Performance.........................................................................................................31Security................................................................................................................ 32

Authentication........................................................................................................... 32User Interface Authentication..........................................................................32Server Process Authentication........................................................................32Database Authentication.................................................................................32

Authorization.............................................................................................................33User Access Security......................................................................................33

Active Directory Integration.......................................................................................33

Preface 4


Preface

Disclaimer of WarrantyAgilePoint, Inc. makes no representations or warranties, either express or implied, by or with respectto anything in this document, and shall not be liable for any implied warranties of merchantability orfitness for a particular purpose or for any indirect, special or consequential damages.

CopyrightCopyright © 2011 AgilePoint, Inc. All rights reserved.

TrademarksAgilePoint, Inc. and AgilePoint's products are trademarks of AgilePoint Inc. References to othercompanies and their products use trademarks owned by the respective companies and are forreference purpose only.

Government Rights LegendUse, duplication or disclosure by the U.S. Government is subject to restrictions set forth in theapplicable license agreement and as provided in DFARS 227.7202-1(a) and 227.7202-3(a) (1995),DFARS 252.227-7013(c)(1)(ii) (Oct 1988), FAR 12.212(a) (1995), FAR 52.227-19, or FAR 52.227-14,as applicable.

Virus-free software policyAgilePoint recognizes that viruses are a significant security consideration for our customers. To date,we have had no report of AgilePoint BPMS carries any virus. AgilePoint takes the following measuresto ensure our software is free of viruses upon delivery:

• AgilePoint is built on top of Microsoft .NET framework. The pre-compiled executable is a.NETCommon Language Runtime (CLR) application, not a native machine binary. As far as is known atthis time, there are no viruses that infect .NET CLR executables.

• The virtual environment for the product packaging process in is fully isolated and protected, andanti-virus software is installed and running during packaging.

• The deliverable package is scanned by anti-virus software before upload to our customerdownload site.

Preface 5


Document Revision NumbersAgilePoint documentation uses the revision number format rX.Y.Z. The letters and numbers in thisrevision number can be interpreted as follows:• r - Indicates "revision." This helps to differentiate the document version numbers, which start with

v.

• X - The major version number for AgilePoint BPMS to which this document refers. For example,AgilePoint releases 5.0, 5.0 SP1, and 5.5 would all have an X value of 5.

• Y - The major document revision number. This number typically changes only when either there isa new AgilePoint release, or there are major changes to the document.

• Z - The minor document revision number. This number is incremented each time the document isrepublished.

AgilePoint Documentation in PDF and HTMLAgilePoint documentation is provided in both print-friendly (PDF) and web-based (HTML) formats.

Advantages of HTML Documentation• HTML is the primary delivery format for AgilePoint documentation.

• Unified, global search across all documentation. PDF documents allow you to search only withinthe context of a given PDF file.

• All hyperlinks supported. Links in PDFs are only supported in certain contexts.

• "One-stop shopping" for all information related to AgilePoint BPMS.

• The HTML documentation is updated more frequently than the PDF documentation. Web-based documentation is updated periodically between AgilePoint releases to address errors andomissions, but the PDF documentation is updated only at the time of a software release.

Advantages of PDF Documentation

PDFs can be more easily printed, archived, and transferred (such as by FTP or email) than HTMLdocumentation.

For more information, see Downloading Files and Sharing Links from the Documentation Library onthe AgilePoint Support Portal.

Contacting AgilePoint SalesAgilePoint is a leading Business Process Management System (BPMS) provider created by a teamof driven people who strive to incorporate the principles of relentless innovation for the benefit ofour customers. Our mission is to help companies of any size attain and sustain operational successthrough process excellence.

Headquarters: AgilePoint Corporation 1916C Old Middlefield Way Mountain View, CA 94043, USA

http://support.agilepoint.com/SupportPortal/

Preface 6


Tel: (650) 968 - 6789

Fax: (650) 968 - 6785

Email: [email protected]

Web site: www.agilepoint.com

International: For AgilePoint EMEA and AgilePoint Asia Pacific, please call the AgilePoint CorporateOffice for contact information.

Contacting Customer SupportTo contact AgilePoint Support, please submit a ticket on the AgilePoint Support Portal: http://support.agilepoint.com/SupportPortal/

If you do not have a Support Portal account, you can send an email to request one:[email protected]

mailto:[email protected]

http://www.agilepoint.com



mailto:[email protected]

Introduction 7


IntroductionThis document describes the architecture of the AgilePoint BPMS (Business Process ManagementSystem). AgilePoint is a Microsoft .NET based BPMS that provides a robust and scalable BusinessProcess Management engine to support both human workflow and automated processes throughreusable business process rules and process assets. AgilePoint's process engine is fully WfMC(Workflow Management Coalition) compliant with support for XPDL and ingrained XML. TheAgilePoint XML based process description is fully translatable into other emerging standards such asBPEL and BPML.

AgilePoint has adopted 3-tier architecture which is highly scalable (3-tier which can be scaled to n-tier), portable (through Web Service) and flexible (process component reusability). Data persistence ismanaged in the database. This layered architecture is used to isolate changes and to provide for easyintegration among different technologies. The following diagram provides a simple view of AgilePoint's3-tier architecture. Detail description of components and its overall architecture is presented later inthis document.

Relationships between EntitiesA process is defined in a process template # an XML representation of the process. The processtemplate is deployed and managed by the AgilePoint BPMS. The XML entities within the processtemplate define the flow of the business process. AgilePoint BPMS will initiate process instances andtheir corresponding activities based on the entity definitions within the process template.

The following diagram represents how the above entities are related in AgilePoint BPMS.

Introduction 8


AgilePoint Business Process Data FlowIn an AgilePoint-enabled application, various types of data will flow through AgilePoint Server:

• Process Definition – Process template that defines the process and will be deployed toAgilePoint Server in XML format.

• Process Control Data and Custom Attributes – Process-related data that AgilePoint Serveruses to manage, monitor, an audit the processes.

• Application Data – Application-related data that AgilePoint Server will carry and pass to theapplication to perform further application logic.

The following diagram represents the overall process data flow:

Introduction 9


Build TimeUsers build an AgilePoint process model using AgilePoint Envision, which is built on Microsoft Visio.AgilePoint is the first BPMS to extend Visio into a full lifecycle BPM productivity tool, from design toproduction.

• The created process model can be saved in Microsoft Visio format to facilitate sharing andcollaboration throughout the design process.

• Process models created in AgilePoint Envision can be deployed directly to AgilePoint Server, theBPM engine, for execution. To facilitate enterprise deployment methodology, AgilePoint Envisionsupports the deployment to multiple target server environments, such as development, testing,staging, and production.

• As part of the deployment process to AgilePoint Server for execution, the process model isconverted into XML format.

When customization and/or IT abstraction is need, application developers can then use MicrosoftVisual Studio .NET based AgilePoint Developer to perform the following:

• Create a standard Visual Studio .NET based AgilePoint project to add custom application codeand integrate the application logic with the associated process models.

• Create AgileParts to abstract IT functionality for direct leverage and reuse at the process level.

By enabling full customization through associating a Visual Studio .NET project with a Visio basedprocess model, AgilePoint separates the process definition from underlying code and technologies.This is a compelling advance over competing BPMS products. Like its tiered architecture, this designfacilitates flexibility, reusability and manageability that are key to power adaptive BPM process-basedapplications.

Run Time (AgilePoint Server)Once an AgilePoint process model is deployed to AgilePoint Server and stored in XML format,AgilePoint Server responds to user requests through the user interface of AgilePoint enabledapplication, programmatically, or via external events to initiate an instance of the process mode,execute and control the created running process instance based on the definition in the processmodel.

Introduction 10


• Process control data is maintained and stored in the database. This data is used in processmanagement, monitoring, and reporting.

• Custom attributes are used to maintain process related data within a process instance or acrossmultiple process instances. This data is used by AgilePoint to perform specific data drivenbusiness logic such as decision making and conditional branching.

Activities are created where manual tasks are distributed to participant(s) to perform the specific tasksthrough the application interface and automatic system tasks will be triggered through the applicationintegration.

Run Time (Application)

• AgilePoint-enabled applications provide interfaces for users to perform the manual activities. Theyalso manage, monitor, and audit the processes.

• Application data can be stored in the database or other format, depending on the architectureand technology of the application. When database is used, the application data can be stored in aseparate database from the AgilePoint Server database. This application data will be used by theapplication to perform specific application logic.

Introduction 11


Software Architecture 12


Software ArchitectureThe AgilePoint BPMS 3-tier architecture is detailed in the following diagram.

Presentation LayerThere are two types of presentation layers: AgilePoint's own presentation layer and an AgilePoint-enabled application's presentation layer.

• The AgilePoint Presentation Layer provides the interfaces for BPMS implementers to design,develop, execute, manage, and monitor the process and its instances. AgilePoint has threepresentation components:

• AgilePoint Envision – A Microsoft Visio add-in through COM technology where processdesigners can define their process templates with the Microsoft Visio interface.

• AgilePoint Developer – A Microsoft Visual Studio .NET add-in through COM technologywhere application developers can implement the process and application logic through theMicrosoft Visual Studio .NET.



• AgilePoint Enterprise Manager – A web-based interface that power users or systemadministrators can manage, monitor, and audit the AgilePoint BPMS and its runtimeprocesses.

• AgilePoint Server Configuration – A desktop-based configuration tool for AgilePoint systemadministrator to configure the various system parameters such as SMTP server and databasesettings.

• The Application Presentation Layer provides the interfaces for business process end users toinitiate processes and/or perform the activities defined in the processes. AgilePoint providesflexible architecture that various types of application presentation can be implemented through theAgilePoint Web Service Client API.

Logic Layer (AgilePoint Server)AgilePoint's Logic layer provides the core functionality and BPMS logic for AgilePoint Server. Thereare multiple components, each of which provides its own set of features and functionalities.

The logic layer can be accessed through the client-side Web Service API or the Server-side API.

Process EngineThe Process Engine provides the core engine to handle the process flow.

• The Process Engine is the core of the AgilePoint Server. It is a WfMC compliance processexecution engine with an XPDL extension and AgilePoint's own ingrained XML support. It iscapable of consuming the XML-based process definitions designed and deployed throughAgilePoint Envision.

• The engine executes process instances and performs the corresponding activities based on thedefinitions and business rules in the process templates. The activities include manual activitiesthat require human intervention, automatic activities that trigger corresponding system tasks,and conditional activities that determine the branching and flow dynamics of the processes. Theengine is responsible for routing manual tasks to appropriate participants and associate withcorresponding tasks.

• The engine is capable of performing dynamic binding and loading during execution at run-timeoffering the maximum flexibility and agility.

Session ManagerThe Session Manager handles the client application connection session including securityauthentication and authorization. This component is also responsible for monitoring the behaviorof the activities throughout the process and keeping track of audit trail of the process. The relatedinformation is maintained in the AgilePoint database and can be used for reporting.



Request Queue ManagerThe RequestQueue Manager component manages task requests. It maintains the multi-threadedasynchronous execution of a series of task requests, which can be delegated, reassigned, suspend,resumed, and canceled. These operations can be preset through programs, predefined instructionssuch as delegation rules, or they can be triggered manually through the Enterprise Manager.

Process Template Class Loader• This component handles the loading of the process template and its execution 'instructions.' For

example, the 'instructions' could be the Visual Studio.NET project containing the custom codeto control the runtime behavior of the process instance. The process template definition andinstructions will be fed to the process engine to initiate and manage the execution of the processinstance.

• This feature enables the separation of process definition from underlying code providing newlevels of runtime control, flexibility, and manageability.

Process Template ManagementThe Process Template Management component manages the lifecycle of the process templates.AgilePoint supports built-in versioning control for the lifecycle development of process template. Aprocess template has different stages throughout its life-cycle such as: created, released, checked-out, checked-in, and retired. Only a "released" process template can be executed while the previousversions will be "retired". Process templates are maintained with unique process template namesalong with version and status. System Administrators or users with authorized permissions have fullcontrols of the deployment and versioning of all the process templates. Process templates be easilymanaged with AgilePoint Enterprise Manager.

Archive ManagerThe Archive Manager module handles the versioning and data backup of process-related data. Thiscomponent allows system administrator to back up, restore, and archive process-related data.

Process SwapperThe Process Swapper component handles process swapping that enhances performance andresource handling. AgilePoint Server can maximize the capacity of the physical server by the processswapping technology. Many long-running processes may take hours, days, or weeks to completebetween steps. AgilePoint Server exploits an intelligent algorithm to swap these processes out fromsystem memory to maximize the usage of system resources. This module monitors the status of theprocess instances, and it releases and allocates the resources of idle process instances to activeprocess instances. Though swapped out, the idle processes (in "sleep" state), are still controlled byAgilePoint timing sensitive modules such as timeout activities and email notifications. When externalor internal events to which idle processes listen occur, these processes can be swapped back into thememory instantly.



Server CoordinatorThis component manages the server and system configuration. A user interface ServerConfiguration is provided for System Administrator to specify the system and server configurations.These configurations included:

• Database Server configuration including database name, database authentication mechanism,and database connection pool setting.

• System administrator setting and authentication mechanism.

• SMTP Server and related settings such as email format and sender information.

The configuration is stored in an XML file that contains the above information.

In a multi-server deployment scenario, this component also manages the clustering and loadbalancing relationships and configurations among multiple servers.

Escalation MonitorThe Escalation Monitor module keeps track of whether an activity or a process is overdue and whetherit requires escalation. In each process template, the process and each activities are defined with duedates which will be monitored by the Escalation Monitor. Specific instructions or activities can beimplemented and triggered when the activities or the process are overdue.

Notification Preprocessor

• The Notification Preprocessor module preprocesses the email notifications based on the mailtemplate definition and the runtime data of the process. For example, AgilePoint lets users definedynamic email templates containing macros that will generate dynamic contents based on runtimeconditions.

• An activity can contain multiple email templates that correspond to different stages of the activity.The mail template for the email notification can contain dynamic runtime data such as the activity'sparticipant information or the unique process instance name. These dynamic values will beincorporated into the final email notification before sending.

Notification DeliverThe Notification Deliver component manages the delivery session of email notifications. AgilePointServer provides different types of email notifications depending on the stage and status of theactivities. For example, multiple email notifications can be triggered depending on the stage ofthe execution of an activity such as "entering", "in-processing", or "exiting" the activity. Similaremail notifications could also occur when the activity is overdue, or is being reassigned. The emailnotifications are sent through the SMTP server as specified during the server configuration. Thismodule also keeps track of failed notifications that could be caused by temporarily unavailability ofthe SMTP server. The system will resend the failed notification in a predefined schedule or Systemadministrators can also explicitly resend the failed notifications through the Enterprise Managerinterface.



Exception HandlingThis component contains the default exception handling module that is executed when a runtimeexception occurs. Part of the default exception handling includes notifying system administrators of theexception through email. AgilePoint also lets users to replace the default exception handling with theircustom exception handling routines to gain 100 percent control of handling run-time exceptions.

AgilePartAgileParts enable the abstraction of IT functionality from the code level to the process level. In short,AgileParts are custom and reusable IT components that can be leveraged within or across AgilePointprocesses. AgileParts contain custom code that performs specific tasks.

• AgileParts are exposed at the process level for business user consumption through AgilePartRegistration support in AgilePoint Envision. They can be used as custom activities during theprocess template designing and modeling. This is a unique and powerful mechanism to extendand expose reusable custom code from the IT level into the process level to empower businessusers and further enable business agility. This advancement also significantly increases ITutilization and return of IT investment.

• To maximize the flexibility of reuse, the behavior of AgileParts can be easily configured by userinput through the property interface in AgilePoint Envision.

• AgileParts can be used to encapsulate past (pre .NET) developments such as VB, COM, C++, oreven Java and leverage them immediately to build .NET powered BPM applications in AgilePoint.

• AgileParts can be executed by the same system running AgilePoint Server. ThoughAgilePoint can "scale up" through clustering support to handle increasing load of AgilePartexecution, AgilePoint also supports "scale out" to deploy AgileParts to be executed by its owndedicated server to offload AgilePoint Server for dedicated execution of process instances.

• When exposing IT functionality of different systems into AgilePart, it offers the advancement of thecreation of a "virtual IT layer" to enable technology independent user interface and operations.

Data LayerAgilePoint's Data layer handles database interaction where all process control and related dataare stored. In AgilePoint, the logic necessary to access data is abstracted in a separate layer ofdata access logic components where different database access packages can be applied to accessdifferent types of data sources. AgilePoint currently supports both Microsoft SQL Server 2000and Oracle databases through ADO.NET and Oracle Data Provider for .NET respectively. Thisarchitecture can be easily extended to support other data sources if needed. The following illustratesthe AgilePoint's data layer:



The AgilePoint Data Access Logic component provides two types of interfaces:

• Web Service API that allows user interface (client) component

• Server side API that allows logic layer or business components

Server (Business Components) InteractionsAgilePoint's Business Logic Layer contains business components that encapsulate the business logic.As part of the business logic layer, business components interact with both the Presentation and Datalayers. There are 2 ways that AgilePoint's business components can be invoked:

• Through components in the Presentation Layer

• Through the AgilePoint Web Service interfaceAgilePoint's business components call AgilePoint's data access logic components to insert, update,and retrieve data from the AgilePoint database.

For integration, AgilePoint's business components can invoke service agents to call the other services.This provides an AgilePoint enabled application flexibility to integrate with other systems or services.

The following diagram illustrates the interaction between AgilePoint business components and thePresentation and Data layers.

Implementation Architecture 18


Implementation ArchitectureAgilePoint BPMS is designed to support various types of integration and implementation, includingweb-based, WinForm based, and third-party integration. There are two main types of implementationapproaches:

• Autonomous BPMS

• Embedded BPMS

Autonomous BPMSIn an Autonomous BPMS, an AgilePoint web service awaits a client to make a request. It thenprocesses the request and sends a response message to the client. The client could be a typical end-user application # for example, Microsoft Internet Explorer (IE) for a web application.

Regardless of the type of client interface, one common theme is that a piece of code, called a proxy,is used for receiving requests and returning responses between client and server. Microsoft VisualStudio .NET provides a way to generate and update a proxy for a web service by a given server URL.AgilePoint Web Application Project type available through its integration with Visual Studio .NETfacilitates the creation of an AgilePoint powered web application.

The following diagram illustrates a typical autonomous BPMS implementation.

Embedded BPMSIn an embedded BPMS application, AgilePoint Server runs with the same process of the embeddingapplication as a component. AgilePoint workflow application programming interface (WAPI) andAgilePoint Embedded Server Project type in Visual Studio .NET makes implementation and integration

Implementation Architecture 19


of this type of application straightforward. An embedded BPMS application obtains more and directcontrols on AgilePoint BPMS.

The following diagram illustrates a typical Embedded BPMS implementation:

Rich Client ImplementationBesides the web-based client, AgilePoint also supports rich client application interfaces. You caneither create a rich client interface based on Windows form (WinForm) or integrate with existing anMicrosoft application such as Microsoft Office.

In most enterprise application deployments, using rich client interfaces implies the needs of thefollowing:

• The ability to authenticate users through Microsoft Active Directory

• The ability to work offline

• An interface with richer functionalities and session related state management.

AgilePoint's flexible architecture supports the rich client interface implementation in addition to theweb-based application implementation.

Deployment Architecture 20


Deployment ArchitectureThere are three basic AgilePoint deployment architecture models. Each model can be tuned to scaleup and out for overall of performance of the AgilePoint system. It guides the starting point of planningthe deployment architecture of AgilePoint installation. Notice, the models described in this documentmay not be exactly same as the actual system you are trying to build, but taking the model as atemplate will help the configuration of system environment.

Typically, AgilePoint deployment or installation falls into one of following three architecture models:

• Small Scale Model

• Medium Scale Model

• Large Scale Model

It covers most of deployments, but your system configuration may be slightly different. Meantime, youmay take similar approaches to plan your staging environment.

Deployment/Installation Architecture ModelThe AgilePoint deployment architecture varies based on the specific requirements for individualorganizations. However, all deployment architecture recommendations are based on the same basicstandards:

• Front end application server (Presentation Layer) - As the scale increases, presentation layerservers are typically added and load balanced using NLB.

• AgilePoint servers (Business Logic Layer) - Failover servers are added to the business logiclayer to improve reliability, and additional servers are added to handle additional load.

• Database server (Data Layer) - In most small- to medium-scale AgilePoint implementations,the database resides on a database server that serves other applications as well. However, thiscan be a dedicated server, and it often is in enterprise implementations. Active/passive failover isrecommended.



Small Scale ModelIn a small-scale deployment architecture, the front-end application and AgilePoint Server are on oneserver, and the database server can be shared with other applications if process loading not heavy.However, since AgilePoint is a database-intensive server, a dedicated and faster database server willincrease overall AgilePoint performance. (Note that in systems with minimum requirements of 4 GBmemory, you may also want a separate machine to run SharePoint.) Small-scale architecture shouldbe considered to be entry-level and departmental small business deployment



Medium Scale ModelThe medium-scale model is designed as 3-tier architecture. It provides data tier redundancy, front tierperformance, and high availability. This model is considered the entry-level enterprise deploymentarchitecture. Also, the architecture is quite easy to scale and handles a heavy loading by end userinteraction, such as ASP.NET forms, SharePoint libraries, and reports.



Large Scale ModelFor business-critical process-driven applications, as process load increasing, the large scaledeployment model will be necessary to be planned and implemented for the enterprise or anyorganization. It provides not only layer isolation, but also three-tier high availability and performanceby clustered database, AgilePoint and front-tier applications.

The architecture can be scaled out by simply adding nodes to existing NLB clusters. It can bescaled up by upgrading existing nodes (for example, increasing CPU and memory) and adding moreinstances of AgilePoint and web applications on each server.



AgilePoint and Your Existing EnvironmentOnce you have selected AgilePoint deployment architecture model, next you must analyze andconfigure your existing infrastructure in order to deploy AgilePoint BPMS in your environment. Thereare many aspects you must take in account, such as: network, DNS, authentication/Kerberos/Activedirectory, IIS configuration, and database configuration.

Network PerformanceNetwork performance is an important factor in preparing your existing environment for AgilePointdeployment.

Connectivity between ServersFrom network topology point of view, the connections between servers are critical to the AgilePointBPMS system. It is also important that the server uses a fast network interface card (NIC). OftenAgilePoint Server requires a large amount of data communication from database server, so goodnetwork connectivity is required between the nodes. If SharePoint is installed, the SharePoint farmneeds a fast network connection to the database. Understanding network connection constraints andserver location should be part of AgilePoint deployment plan.



Connectivity between the Server and WorkstationBesides server performance, it is also very important to optimize the system for end user to have bestpossible experience. For large enterprise deployments, intranet users may have good connectivity, butInternet users do not. Typical issues would be network latency, user locations and network bandwidth.Usually, these issues follow a time pattern # for example, network traffic from 9 a.m. to 11 a.m.

Domain Name Service (DNS)The Domain Name Service (DNS) is a hierarchical naming system for computers, services, or anyresource participating in the intranet and internet. From distributed computing perspective, it playsimportant role as well to help with performance, reducing the amount of time for translating name toaddress. For example, host headers or aliases could be an issue if a DNS administrator does notregister the qualified name. It is beneficial to consider DNS as part of AgilePoint deployment project.

Authentication, Active Directory and KerberosAgilePoint BPMS supports Microsoft Active Directory for authentication or non-Windowsauthentication. If AgilePoint is using Active Directory authentication, Active Directory server calls adomain controller assigned to the same site as AgilePoint Server. If AgilePoint uses non-Windowsauthentication, Active Directory is not required.

Kerberos is a computer network authentication protocol that allows nodes communicating over anon-secure network to prove their identity to one another in a secure manner. It is not an additionalcomponent. It is there by default on Windows. Kerberos is one of way to solve double-hopauthentication issues that are common in n-tier applications environments.

Hardware and Software ConfigurationFor basic hardware and software requirements for AgilePoint BPMS, see System Requirementsfor .NET 3.5 on the AgilePoint Support Portal.

Strategy for Development, Testing and StagingPlanning, implementing and deploying a AgilePoint BPMS solution is not only about having a runningAgilePoint server and application, but also continual support, maintenance, improvement. It is alsoabout optimization, development and policy. It requires to be supported by an effective environmentconfiguration and infrastructure.

Nonfunctional Requirements for AgilePoint ApplicationNonfunctional requirements directly impact your design and deployment strategy. However, manycustomers do not consider these requirements until they arise after the deployment. As part of yourAgilePoint deployment plan, the following aspects are important to take in account:




• Expected system performance and its testing environment and measurement.

• Data growth capacity, archive and reporting of historical data.

• Security policy and authorization, especially for Internet access.

• Daily maintenance and support after deployment.

• Version control of AgilePoint components and process models.

• Windows workstation version, browser version, and .Net framework version.

• Network bandwidth restrictions.

Development, Testing, Staging and Production EnvironmentTypically, four environments are needed for continual AgilePoint development and maintenance:

• Development

• Testing

• Staging

• Production

However, depending upon your project and deployment scenario, you many have more or fewerenvironments. For example, a process model minor change may require approval, but not a formaldevelopment process. You may add more sophisticated test environments for testing performance andsecurity.



Virtual EnvironmentsIn order to save money, it is possible to run one or more of your non-production environments asvirtual environments. This is much cheaper, but it tends to run slower than a physical environment. It ispossible to run functional tests in a virtual environment, but not load tests.

If load testing is not required in a particular environment, AgilePoint recommends using a virtualenvironment. This is an especially effective strategy for development environments.

Note that even if you use a virtual environment, physical database servers are recommended.

Development in Virtual Environments

In particular, virtualization is advantageous for development environments because it enables isolation(sandboxing) between development environments to prevent them from impacting one another. Usingvirtualization technology also speeds up the process of environment configuration. It is a best practiceto keep copies of each version of development environment for future enhancement.

Support for Virtual Environments

AgilePoint is committed to fully supporting AgilePoint BPMS running on virtualization technologies. AgilePoint recommends installing AgilePoint on a physical server machine, but AgilePoint canbe supported in a virtual machine (including NLB) given the virtual machine can support WindowsServer 2003 or 2008, and the .NET Framework 3.5. AgilePoint recommends Windows Server®2008 Hyper-V™, but other Microsoft and non-Microsoft virtualization products are also supported asdiscussed here. In addition to Windows Server® 2008 Hyper-V™, AgilePoint can also be deployedusing Microsoft Virtual Server and Microsoft Virtual PC virtualization technologies. Only virtualizationproducts that have specifically passed Microsoft's requirements for virtualization support are alsoofficially supported for running AgilePoint. See the following Microsoft Web site that provides a list ofnon-Microsoft virtualization products that have passed the requirements for Windows Server 2003 and2008:

http://www.windowsservercatalog.com/results.aspx?&bCatID=1521&cpID=0&avc=0&ava=0&avq=0&OR=1&PGS=25&ready=0

AgilePoint recommends the following configurations to ensure optimal performance of the AgilePointBPMS in a virtual environment:

Host OS Architecture X64

Host Machine Processors 4

Memory 4 GB allocated to each virtual machine

Bandwidth 1 Gb Network connection to the host machine

Virtual Memory Memory allocation cannot always be guaranteed(i.e. if 4 GB is set for the virtual machine, itdoes not mean that the virtual machine will beusing the entire 4 GB of memory at all times).The memory is shared amongst all the virtualmachines.





AgilePoint Database The AgilePoint Database should be on a physicalmachine.

Testing EnvironmentThe testing environment is logically a clean copy of development environment that allows developersand testers to do integration testing. The test environment should be isolated from development with ablank environment configuration to ensure most of the nonfunctional requirements would be tested sothat the solution would not have major issues to deploy into staging and production environment.

The test environment may be virtual, unless load testing is required.

Staging EnvironmentThis staging environment is for some of the nonfunctional requirements that may not be covered bydevelopment and testing environments, such as security, load-balancing, redundancy, and scalability.Usually, staging environment configuration is similar to the production environment. Planning a stagingenvironment as part of production system would reduce the risk of introducing problems on theproduction environment.

Disaster RecoveryThe information provides a brief overview of best practices for AgilePoint disaster recovery forenvironments that use a single AgilePoint Server instance, or multiple instances.

In either case, it is important to create a backup of the following components:

• The AgilePoint database

• web.config files

• netflow.cfg

• The archived AgilePoint database, if archiving is enabled

• The data services databases for data population and tracking, if data population and tracking arein use

Single AgilePoint Server InstanceThe following guidelines apply to environments where there is only one AgilePoint Server instancerunning at a time.



• The Standby AgilePoint Server (AP2) does not point to the Production Database (DB1). Thiswould interrupt the live data in production.

• A Standby Database (DB2) is set up for the Standby AgilePoint Server (AP2). You can make useof your database backups to synchronize the data from your Production Database (DB1) to yourStandby Database (DB2). The frequency to synchronize the data is based on your data growthand also your application tolerance. (For example, if you cannot afford to lose the data for 30minutes, synchronize at a shorter interval.)

• The Standby AgilePoint Server (AP2) must have exactly the same software versions as theProduction AgilePoint Server (AP1) for all the software installed on those two servers. This alsomeans, whenever you apply upgrades or hotfixes to the Production AgilePoint Server (AP1),ensure those upgrades or hotfixes are applied to the Standby AgilePoint Server (AP2) as well. Westrongly recommend you to keep documentation that records each software upgrade/hot fixes forthese two AgilePoint Servers (AP1 and AP2).

• When a failure occurs and the production environment is not available, the AgilePoint Server URL(the one used by your clients to access AgilePoint) mapping is switched to point to the Standbyenvironment. All the events for workflow are recorded in the database. So, if you switch the front-end web server from the production AgilePoint Server to the Standby AgilePoint Server, theStandby AgilePoint Server can pick up the events in the database and continue to process thoseevents.

Multiple AgilePoint Server InstancesThe following guidelines apply if you have more than one AgilePoint Server instance running at onetime. In this situation, the standby systems for disaster recovery are handled similarly to standbysystems for failover.



• The virtual DNS alias points to the production AgilePoint Server. (This production AgilePointServer receives and processes the requests from the clients, and it also runs a thread to read theevents from the database, processes them, and write them back to database.)

• The Standby AgilePoint Server instance runs continuously. This Standby AgilePoint Server doesnot receive and process the requests from the clients, but it does read and write to the databasefor event processing.

Performance 31


PerformancePowered by Microsoft .NET technology, AgilePoint leverages standard Microsoft and web-basedtechnologies and the C#, ASP.NET language APIs. AgilePoint Server is fully developed in C# codethat is a key factor to deliver high performance. Because of its web service architecture, AgilePointclients can be either browser-based or Windows client-based while delivering roughly equivalentperformance.

AgilePoint is designed with performance-enhanced features, such as process swapping, databaseindexing, and data caching. AgilePoint has gone through workload simulations with thousandsof concurrent users with good results. AgilePoint can be further optimized with load balancing,application data indexing, and additional resources (CPU, etc.).

Security 32


SecuritySecurity is an important component of any enterprise application. AgilePoint leverages Microsoftsecurity model and provides a secure framework for BPMS development.

AuthenticationAuthentication is defined as secure identification which is a mechanism for securely identifying user'sidentity that matches the security requirements of the application. Authentication must be implementedin different layers to provide higher level of security.

User Interface AuthenticationAuthentication needs to be implemented in the user interface layer to provide authorization, auditing,and personalization capabilities. Authentication typically involves user credentials such as usernameand password. A wide range of authentication mechanisms are available for web-based userinterfaces. For example, AgilePoint Enterprise Manager prompts users to enter credentials (usernameand password) for logon. However, AgilePoint supports other mechanisms such as Windowsauthentication which based on the Windows logon credentials.

Server Process AuthenticationBesides the user interface authentication, the server logic layer must also authenticate the identitythat calls the service or runs the process. For AgilePoint Server, the credentials are based on thesetting of the IIS identity. The running of all processes will be using this identity. For applicationintegration, AgilePoint supports the notion of impersonation. Each integrated application will requirean impersonator as part of the application settings for authentication. You can provide differentimpersonators for different integrated applications to separate the authentication credentials to providehigher level of security and control.

Database AuthenticationIn order to further separate the authentication identity between the application and the data, itis recommended to use a separate authentication mechanism or credential for your databaseaccess. AgilePoint supports both SQL Authentication (which requires username and passwordexplicitly) and Windows authentication (which based on the Windows logon credentials). For example,AgilePoint Server Configuration supports both authentications through which users can determinewhat mechanism would best fit their needs base on their company's policy, system and applicationrequirements, etc.

Security 33


AuthorizationOnce an identity is authenticated, it must be authorized. Authorization is the process of verifyingpermissions and rights for an authenticated user.

User Access SecurityAgilePoint uses a role-based authorization mechanism to handle user access security. In AgilePoint, arole is defined as a collection of privileges or access rights.

• Individuals or groups of individuals can be added to a role as the member of the role.

• Each member of a role possesses all the privileges granted to the role. If a person is a member ofmultiple roles, he/she will possess the sum of all the access rights associate to the different roles.

• Once users are authenticated to AgilePoint, AgilePoint Server checks their rights based on theirroles to determine if they have permission specific tasks.

• AgilePoint provides built-in roles such as Administrator or Process Template Designer. Additionaladministrator-defined roles can be created to meet the needs of the application.

Active Directory IntegrationAgilePoint supports Active Directory integration where Windows authentication can occur directlyagainst the Active Directory. AgilePoint also provides integration with Active Directory whereorganization and user credentials information can be directly retrieved or synchronized with ActiveDirectory. AgilePoint Envision also provides direct access to Active Directory and can leverage ActiveDirectory's user group setting directly as part of the business rules. This Active Directory integrationprovides you flexibility to tie AgilePoint usage as part of your overall security policy through the use ofActive Directory.

architecture guide - agilepointsupport.agilepoint.com/.../maps/agilepoint_architecture.pdf ·...

Documents